174 matches found
Cisco Adaptive Security Appliances Software 缓冲区错误漏洞
Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliance are both products of Cisco Corporation.Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. Used to protect...
MagpieRSS 0.72 - 'url' Command Injection
Exploit Title: MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery Date: 24 March 2021 Exploit Author: bl4ckh4ck5 Vendor Homepage: http://magpierss.sourceforge.net/ Software Link:...
PT-2021-2046 · Microsoft +3 · Net Core +4
Name of the Vulnerable Software and Affected Versions: .NET Core and Visual Studio affected versions not specified Description: The issue is related to insufficient input validation, which can be exploited by a remote attacker to cause a denial of service. This vulnerability exists when creating...
CVE-2021-1276 Cisco Data Center Network Manager Certificate Validation Vulnerabilities
Multiple vulnerabilities in Cisco Data Center Network Manager DCNM could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...
CVE-2021-1276 Cisco Data Center Network Manager Certificate Validation Vulnerabilities
Multiple vulnerabilities in Cisco Data Center Network Manager DCNM could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...
CVE-2020-14327
A Server-side request forgery SSRF flaw was found in Tower. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test featur...
CVE-2020-15502
The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has...
CVE-2020-7241
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 20200..10..20..30..9 format, guessing UNIX...
Cisco IOx Application Environment Denial of Service Vulnerability
A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service DoS condition. The vulnerability is due to a Transport Layer Security TLS...
CVE-2019-1934
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation...
CVE-2019-1934 Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation...
F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)
A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the attacker not having gained access to t...
Code injection
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...
CVE-2018-15502
The CVE-2018-15502 entry concerns Lone Wolf Technologies loadingDOCS. An insecure permissions flaw in the 2018-08-13 version allows remote attackers to download confidential files by issuing HTTPS requests to predictable URLs. The root cause is inadequate access controls on resources, enabling un...
Design/Logic Flaw
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...
CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...
CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic...
Debian: Security Advisory (DLA-823-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
httpd: mod_ssl NULL pointer dereference
A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...
subjack - Hostile Subdomain Takeover tool written in Go
subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule...